﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace Hotnet.Dal.Utility
{
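	/// <summary>
	/// Helpers for building SQL text fragments. Both helpers splice values straight into
	/// SQL text; neither is a substitute for parameterized commands when input is untrusted.
	/// </summary>
	class SqlUility
	{
		// Pipe-separated deny-list of substrings stripped by GetQueryStringSafe.
		// Ordering pitfall kept as authored: "%" precedes "%20", so "%20" is reduced to "20"
		// by the earlier token and its own entry can never match.
		private const string strSQLin = "'|and|--|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|&|%20|==|>| <";

		// Individual deny-list tokens, split once at type initialization (23 entries).
		private static readonly string[] strSQLinGroup = strSQLin.Split('|');

		/// <summary>
		/// Converts an array into the value list of a SQL IN clause, e.g. (1,2,3,4).
		/// Elements are rendered with ToString() and spliced in unquoted and unescaped, so this
		/// is only appropriate for trusted numeric values; never pass strings that originate
		/// from user input, and prefer a parameterized IN list where the provider supports it.
		/// </summary>
		/// <typeparam name="T">Element type; each element's ToString() is used verbatim.</typeparam>
		/// <param name="array">Values to list. A null element renders as empty text.</param>
		/// <returns>"(v1,v2,...)" or the empty string when <paramref name="array"/> is null or empty.</returns>
		public static string ConvertArrayToInStatement<T>(T[] array)
		{
			if (array == null || array.Length == 0)
			{
				return "";
			}
			// string.Join renders each element with ToString(); a null element becomes "" instead of throwing.
			return "(" + string.Join(",", array) + ")";
		}

		/// <summary>
		/// Lower-cases <paramref name="pStr"/> and strips every deny-list token from it.
		/// This is a substring blacklist, not an injection defense: it mangles legitimate text
		/// (e.g. "handle" loses "and", "country" loses "count"), it misses anything not on the
		/// list, and encoded input is not decoded first. Callers must still use parameterized
		/// queries; treat the result as cosmetically filtered, not safe.
		/// </summary>
		/// <param name="pStr">Input text; null or empty is returned unchanged.</param>
		/// <returns>The lower-cased input with all listed tokens removed.</returns>
		public static string GetQueryStringSafe(string pStr)
		{
			if (string.IsNullOrEmpty(pStr))
			{
				return pStr;
			}
			// Invariant lower-casing so the ordinal token match does not depend on the current culture.
			string result = pStr.ToLowerInvariant();
			// Every token is removed, not just the first one found; string.Replace is ordinal.
			foreach (string token in strSQLinGroup)
			{
				result = result.Replace(token, "");
			}
			return result;
		}
	}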
}
